Controlling user creation of data resources on a data processing platform

US 10,735,429 B2
Filed: 06/04/2019
Issued: 08/04/2020
Est. Priority Date: 10/04/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving from a user a user request to create a data resource on a software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier;

creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;

identifying one or more annotations in the data resource specification;

in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource;

the software platform controller determining one or more of metadata of the data resource, labels of the data resource, selectors of the data resource, comments of the data resource, a release version of the data resource, a deployment description of the data resource, a role of the user, a privilege level of the user, or one or more permissions of the user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for controlling user creation of data resources on a software platform for storing and executing data resources for multiple users. The methods and systems may be performed using one or more processors or special-purpose computing hardware and may comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said user. A further operation may comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions. A further operation may comprise, responsive to verifying said user in accordance with the predetermined set of permissions, creating a version the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.

133 Citations

18 Claims

1. A method comprising:
- receiving from a user a user request to create a data resource on a software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier;
  
  creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
  
  identifying one or more annotations in the data resource specification;
  
  in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource;
  
  the software platform controller determining one or more of metadata of the data resource, labels of the data resource, selectors of the data resource, comments of the data resource, a release version of the data resource, a deployment description of the data resource, a role of the user, a privilege level of the user, or one or more permissions of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - identifying one or more other annotations in the data resource specification;
      
      associating, to the created data resource, an executable launch function appropriate to each of the identified annotations, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
  - 3. The method of claim 2, wherein the said information defines whether the user is permitted to create, edit and/or delete the data resource.
  - 4. The method of claim 1, wherein the secret information is received from a secure vault, external to the launch function and the software platform controller.
  - 5. The method of claim 4, wherein the secret information received from the software platform controller comprises a wrapped token, and wherein the launch function queries the secure vault using the secret information to obtain the secret information.
  - 6. The method of claim 4, wherein the secret information comprises a password and/or a digital certificate.
  - 7. The method of claim 1, wherein the user request comprises an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, the method further comprising:
    - verifying that said user is permitted to allow access to the data resource by external users;
      
      responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
  - 8. The method of claim 7, wherein the indication that the data resource is required to be accessible to one or more other users comprises identifying an annotation in the user request associated with said external user access, the method further comprising:
    - identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests, the annotation optionally being a URL path.
  - 9. The method of claim 7, further comprising creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.

10. A computer system comprising:
- one or more processors;
  
  one or more non-transitory computer-readable storage media coupled to the one or more processors and storing one or more sequences of instructions which when executed cause performing;
  
  receiving from a user a user request to create a data resource on a software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with an external user;
  
  creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
  
  identifying one or more annotations in the data resource specification;
  
  in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource;
  
  the software platform controller determining one or more of;
  
  metadata of the data resource, labels of the data resource, selectors of the data resource, comments of the data resource, a release version of the data resource, a deployment description of the data resource, a role of the user, a privilege level of the user, or one or more permissions of the user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the instructions, when executed, further cause performing:
    - identifying one or more other annotations in the data resource specification;
      
      associating, to the created data resource, an executable launch function appropriate to each of the identified annotations, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
  - 12. The system of claim 11, wherein the said information defines whether the user is permitted to create, edit and/or delete the data resource.
  - 13. The system of claim 10, wherein the secret information is received from a secure vault, external to the launch function and the software platform controller.
  - 14. The system of claim 13, wherein the secret information received from the software platform controller comprises a wrapped token, and wherein the launch function queries the secure vault using the secret information to obtain the secret information.
  - 15. The system of claim 13, wherein the secret information comprises a password and/or a digital certificate.
  - 16. The system of claim 10, wherein the user request comprises an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, and wherein the instructions, when executed, further cause performing:
    - verifying that said user is permitted to allow access to the data resource by external users;
      
      responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
  - 17. The system of claim 16, wherein the indication that the data resource is required to be accessible to one or more other users comprises identifying an annotation in the user request associated with said external user access, and wherein the instructions, when executed, further cause performing:
    - identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests, the annotation optionally being a URL path.
  - 18. The system of claim 16, wherein the instructions, when executed, further cause performing:
    - creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Dearment, Greg, Anderson, Adam, Bradshaw, Andrew, Moylan, Bradley, Zhao, Jason
Primary Examiner(s)
Shayanfar, Ali

Application Number

US16/430,900
Publication Number

US 20190289009A1
Time in Patent Office

427 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/60   Software deployment

G06F 9/445   Program loading or initiati...

G06F 9/46   Multiprogramming arrangements

G06F 9/468   Specific access rights for ...

G06F 9/50   Allocation of resources, e....

G06F 9/5027   the resource being a machin...

G06F 9/505   considering the load

G06F 9/5061   Partitioning or combining o...

G06F 9/5072   Grid computing

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

Controlling user creation of data resources on a data processing platform

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling user creation of data resources on a data processing platform

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links